Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/f598b8-3a2f-4155-95fd-5f8167024968/1/1qJoQSACk_IWqNQFAgY2RGDCucY.roa
File:                     1qJoQSACk_IWqNQFAgY2RGDCucY.roa (raw, json)
Hash identifier:          r4JvUAd2aZrKgTKhLdpWMdLTWksL+RQhFMRRlNWnDKI=
Subject key identifier:   D6:A2:68:41:20:02:93:F2:16:A8:D4:05:02:06:36:44:60:C2:B9:C6
Certificate issuer:       /CN=0e2d1edc0cc697742cf47364bb1d11b8ff808eae
Certificate serial:       018DD9DEB86CABC0F821979039F1A570000D
Authority key identifier: 0E:2D:1E:DC:0C:C6:97:74:2C:F4:73:64:BB:1D:11:B8:FF:80:8E:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Di0e3AzGl3Qs9HNkux0RuP-Ajq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/f598b8-3a2f-4155-95fd-5f8167024968/1/1qJoQSACk_IWqNQFAgY2RGDCucY.roa
Signing time:             Sat 24 Feb 2024 06:47:48 +0000
ROA not before:           Sat 24 Feb 2024 06:47:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215510
IP address blocks:        185.238.139.0/24 maxlen: 24
                          2a13:100::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/f598b8-3a2f-4155-95fd-5f8167024968/1/Di0e3AzGl3Qs9HNkux0RuP-Ajq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/f598b8-3a2f-4155-95fd-5f8167024968/1/Di0e3AzGl3Qs9HNkux0RuP-Ajq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Di0e3AzGl3Qs9HNkux0RuP-Ajq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d9:de:b8:6c:ab:c0:f8:21:97:90:39:f1:a5:70:00:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e2d1edc0cc697742cf47364bb1d11b8ff808eae
        Validity
            Not Before: Feb 24 06:47:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6a26841200293f216a8d4050206364460c2b9c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ff:f4:ef:e3:42:cd:f2:72:40:d1:78:19:ca:
                    37:33:21:f1:83:e0:bd:4a:ba:f2:44:df:aa:b4:2e:
                    db:03:ec:b7:c8:56:11:36:1e:6b:5a:33:e1:1c:b5:
                    34:58:7e:0c:9a:d2:c9:36:d9:97:e0:fa:59:89:ea:
                    22:06:ab:f1:99:e7:38:b5:e8:d4:38:68:0d:26:29:
                    1a:4c:4e:88:35:83:07:2d:69:29:39:0a:3d:87:3a:
                    ca:4b:e0:29:69:bb:18:71:d3:48:d1:be:4d:8a:f7:
                    73:6e:bb:aa:f3:77:88:5b:24:ba:a1:a5:e4:cd:40:
                    76:de:7b:c3:a2:78:6f:85:c0:e8:79:5d:f5:6c:f1:
                    16:49:98:87:bb:c5:0e:90:18:d7:d8:ce:17:45:26:
                    90:fa:c5:d9:08:67:58:0c:f3:c8:8d:02:02:0f:6e:
                    69:3c:ef:32:7e:80:89:e1:11:c2:37:85:9a:26:20:
                    35:07:5a:ee:c8:12:9d:b0:bd:63:a5:85:6c:3d:ae:
                    80:79:02:29:b8:76:01:d7:f9:05:9c:7d:f2:c2:93:
                    cb:c5:d7:32:05:21:90:f3:f2:b7:4f:25:bd:19:bc:
                    eb:87:8f:92:6c:03:47:5a:d7:2e:4d:91:cf:c4:29:
                    70:92:86:9f:50:b6:bc:6e:cd:f1:e6:e2:c4:3c:c9:
                    c2:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:A2:68:41:20:02:93:F2:16:A8:D4:05:02:06:36:44:60:C2:B9:C6
            X509v3 Authority Key Identifier:
                keyid:0E:2D:1E:DC:0C:C6:97:74:2C:F4:73:64:BB:1D:11:B8:FF:80:8E:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Di0e3AzGl3Qs9HNkux0RuP-Ajq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/f598b8-3a2f-4155-95fd-5f8167024968/1/1qJoQSACk_IWqNQFAgY2RGDCucY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/f598b8-3a2f-4155-95fd-5f8167024968/1/Di0e3AzGl3Qs9HNkux0RuP-Ajq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.139.0/24
                IPv6:
                  2a13:100::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:64:ec:3e:20:52:b2:75:59:09:b2:c3:1c:6b:1f:ae:60:50:
         d0:08:17:cf:1c:90:fe:7b:8e:95:08:d0:e9:9f:51:de:fc:57:
         4f:e7:e2:e9:56:48:21:2a:dc:c8:a1:42:b7:92:02:b2:3f:05:
         d3:2e:cb:f8:48:19:e5:a3:17:c3:73:a7:27:53:5a:6b:69:72:
         12:8f:13:cb:0b:b8:ae:5e:8a:bb:0d:b9:1e:59:4a:48:ab:88:
         15:43:d1:1e:51:5b:48:a5:fc:f8:c6:c0:71:69:9a:a3:f9:71:
         97:c6:2b:9d:4c:e8:ea:bf:4a:05:bd:e2:75:c3:60:3e:33:e2:
         30:56:5c:72:73:27:71:d3:87:b3:82:fd:41:87:ec:fb:f9:f5:
         dd:4c:9b:33:92:03:29:fd:46:2c:e0:d6:c0:2b:7f:b2:86:0a:
         08:a2:17:a3:a3:29:ab:30:1a:67:16:7c:b4:79:e7:60:38:cf:
         14:8b:8d:98:7c:f5:34:6d:cd:e9:39:79:5e:d3:1c:e3:c7:1d:
         85:82:ce:ad:d4:db:99:b7:b4:c9:16:77:13:ad:db:c8:0b:2b:
         8a:d9:f8:e4:af:ab:14:e6:a5:42:7e:89:85:08:d0:5c:a6:ce:
         12:87:96:40:15:de:fa:b2:a1:50:64:ca:61:90:7f:ff:b7:e3:
         66:11:03:36
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY3Z3rhsq8D4IZeQOfGlcAANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMmQxZWRjMGNjNjk3NzQyY2Y0NzM2NGJiMWQxMWI4ZmY4
MDhlYWUwHhcNMjQwMjI0MDY0NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmEyNjg0MTIwMDI5M2YyMTZhOGQ0MDUwMjA2MzY0NDYwYzJiOWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//07+NCzfJyQNF4Gco3MyHxg+C9
SrryRN+qtC7bA+y3yFYRNh5rWjPhHLU0WH4MmtLJNtmX4PpZieoiBqvxmec4tejU
OGgNJikaTE6INYMHLWkpOQo9hzrKS+ApabsYcdNI0b5Nivdzbruq83eIWyS6oaXk
zUB23nvDonhvhcDoeV31bPEWSZiHu8UOkBjX2M4XRSaQ+sXZCGdYDPPIjQICD25p
PO8yfoCJ4RHCN4WaJiA1B1ruyBKdsL1jpYVsPa6AeQIpuHYB1/kFnH3ywpPLxdcy
BSGQ8/K3TyW9Gbzrh4+SbANHWtcuTZHPxClwkoafULa8bs3x5uLEPMnC4wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNaiaEEgApPyFqjUBQIGNkRgwrnGMB8GA1UdIwQY
MBaAFA4tHtwMxpd0LPRzZLsdEbj/gI6uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGkwZTNBekdsM1FzOUhOa3V4MFJ1UC1BanE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9mNTk4YjgtM2EyZi00MTU1LTk1ZmQt
NWY4MTY3MDI0OTY4LzEvMXFKb1FTQUNrX0lXcU5RRkFnWTJSR0RDdWNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9mNTk4YjgtM2EyZi00MTU1LTk1ZmQtNWY4MTY3MDI0OTY4
LzEvRGkwZTNBekdsM1FzOUhOa3V4MFJ1UC1BanE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAue6LMA0E
AgACMAcDBQMqEwEAMA0GCSqGSIb3DQEBCwUAA4IBAQCYZOw+IFKydVkJssMcax+u
YFDQCBfPHJD+e46VCNDpn1He/FdP5+LpVkghKtzIoUK3kgKyPwXTLsv4SBnloxfD
c6cnU1praXISjxPLC7iuXoq7DbkeWUpIq4gVQ9EeUVtIpfz4xsBxaZqj+XGXxiud
TOjqv0oFveJ1w2A+M+IwVlxycydx04ezgv1Bh+z7+fXdTJszkgMp/UYs4NbAK3+y
hgoIohejoymrMBpnFny0eedgOM8Ui42YfPU0bc3pOXle0xzjxx2Fgs6t1NuZt7TJ
FncTrdvICyuK2fjkr6sU5qVCfomFCNBcps4Sh5ZAFd76sqFQZMphkH//t+NmEQM2
-----END CERTIFICATE-----